In injectBestLocation and handleUpdateLocation of GnssLocationProvider.java, there is a possible incorrect reporting of location data to emergency services due to improper input validation. This could lead to incorrect reporting of location data to emergency services with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-177561690
References
Link | Resource |
---|---|
https://source.android.com/security/bulletin/2021-04-01 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2021-04-13 12:15
Updated : 2022-05-03 09:04
NVD link : CVE-2021-0400
Mitre link : CVE-2021-0400
JSON object : View
CWE
CWE-20
Improper Input Validation
Products Affected
- android